MIDIPermissionRequest.cpp

mozilla-central/dom/midi/MIDIPermissionRequest.cpp (file symbol)

Enable keyboard shortcuts

Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

/* vim:set ts=2 sw=2 sts=2 et cindent: */

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this file,

 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "mozilla/dom/MIDIPermissionRequest.h"

#include "mozilla/dom/Document.h"

#include "mozilla/dom/MIDIAccessManager.h"

#include "mozilla/dom/MIDIOptionsBinding.h"

#include "mozilla/ipc/BackgroundChild.h"

#include "mozilla/ipc/PBackgroundChild.h"

#include "mozilla/BasePrincipal.h"

#include "mozilla/RandomNum.h"

#include "mozilla/StaticPrefs_dom.h"

#include "nsIGlobalObject.h"

#include "mozilla/Preferences.h"

#include "nsContentUtils.h"

//-------------------------------------------------

// MIDI Permission Requests

//-------------------------------------------------

using namespace mozilla::dom;

NS_IMPL_CYCLE_COLLECTION_INHERITED(MIDIPermissionRequest,

                                   ContentPermissionRequestBase, mPromise)

NS_IMPL_QUERY_INTERFACE_CYCLE_COLLECTION_INHERITED(MIDIPermissionRequest,

                                                   ContentPermissionRequestBase,

                                                   nsIRunnable)

NS_IMPL_ADDREF_INHERITED(MIDIPermissionRequest, ContentPermissionRequestBase)

NS_IMPL_RELEASE_INHERITED(MIDIPermissionRequest, ContentPermissionRequestBase)

MIDIPermissionRequest::MIDIPermissionRequest(nsPIDOMWindowInner* aWindow,

                                             Promise* aPromise,

                                             const MIDIOptions& aOptions)

    : ContentPermissionRequestBase(

          aWindow->GetDoc()->NodePrincipal(), aWindow,

          ""_ns,  // We check prefs in a custom way here

          "midi"_ns),

      mPromise(aPromise),

      mNeedsSysex(aOptions.mSysex) {

  MOZ_ASSERT(aWindow);

  MOZ_ASSERT(aPromise, "aPromise should not be null!");

  MOZ_ASSERT(aWindow->GetDoc());

  mPrincipal = aWindow->GetDoc()->NodePrincipal();

  MOZ_ASSERT(mPrincipal);

NS_IMETHODIMP

MIDIPermissionRequest::GetTypes(nsIArray** aTypes) {

  NS_ENSURE_ARG_POINTER(aTypes);

  nsTArray<nsString> options;

  // The previous implementation made no differences between midi and

  // midi-sysex. The check on the SitePermsAddonProvider pref should be removed

  // at the same time as the old implementation.

  if (mNeedsSysex || !StaticPrefs::dom_sitepermsaddon_provider_enabled()) {

    options.AppendElement(u"sysex"_ns);

  return nsContentPermissionUtils::CreatePermissionArray(mType, options,

                                                         aTypes);

NS_IMETHODIMP

MIDIPermissionRequest::Cancel() {

  mCancelTimer = nullptr;

  if (StaticPrefs::dom_sitepermsaddon_provider_enabled()) {

    mPromise->MaybeRejectWithSecurityError(

        "WebMIDI requires a site permission add-on to activate");

  } else {

    // This message is used for the initial XPIProvider-based implementation

    // of Site Permissions.

    // It should be removed as part of Bug 1789718.

    mPromise->MaybeRejectWithSecurityError(

        "WebMIDI requires a site permission add-on to activate — see "

        "https://extensionworkshop.com/documentation/publish/"

        "site-permission-add-on/ for details.");

  return NS_OK;

NS_IMETHODIMP

MIDIPermissionRequest::Allow(JS::Handle<JS::Value> aChoices) {

  MOZ_ASSERT(aChoices.isUndefined());

  MIDIAccessManager* mgr = MIDIAccessManager::Get();

  mgr->CreateMIDIAccess(mWindow, mNeedsSysex, mPromise);

  return NS_OK;

NS_IMETHODIMP

MIDIPermissionRequest::Run() {

  // If the testing flag is true, skip dialog

  if (Preferences::GetBool("midi.prompt.testing", false)) {

    bool allow =

        Preferences::GetBool("media.navigator.permission.disabled", false);

    if (allow) {

      Allow(JS::UndefinedHandleValue);

    } else {

      Cancel();

    return NS_OK;

  nsCString permName = "midi"_ns;

  // The previous implementation made no differences between midi and

  // midi-sysex. The check on the SitePermsAddonProvider pref should be removed

  // at the same time as the old implementation.

  if (mNeedsSysex || !StaticPrefs::dom_sitepermsaddon_provider_enabled()) {

    permName.Append("-sysex");

  // First, check for an explicit allow/deny. Note that we want to support

  // granting a permission on the base domain and then using it on a subdomain,

  // which is why we use the non-"Exact" variants of these APIs. See bug

  // 1757218.

  if (nsContentUtils::IsSitePermAllow(mPrincipal, permName)) {

    Allow(JS::UndefinedHandleValue);

    return NS_OK;

  if (nsContentUtils::IsSitePermDeny(mPrincipal, permName)) {

    CancelWithRandomizedDelay();

    return NS_OK;

  // If the add-on is not installed, and sitepermsaddon provider not enabled,

  // auto-deny (except for localhost).

  if (StaticPrefs::dom_webmidi_gated() &&

      !StaticPrefs::dom_sitepermsaddon_provider_enabled() &&

      !nsContentUtils::HasSitePerm(mPrincipal, permName) &&

      !mPrincipal->GetIsLoopbackHost()) {

    CancelWithRandomizedDelay();

    return NS_OK;

  // If sitepermsaddon provider is enabled and user denied install,

  // auto-deny (except for localhost, where we use a regular permission flow).

  if (StaticPrefs::dom_sitepermsaddon_provider_enabled() &&

      nsContentUtils::IsSitePermDeny(mPrincipal, "install"_ns) &&

      !mPrincipal->GetIsLoopbackHost()) {

    CancelWithRandomizedDelay();

    return NS_OK;

  // Before we bother the user with a prompt, see if they have any devices. If

  // they don't, just report denial.

  MOZ_ASSERT(NS_IsMainThread());

  mozilla::ipc::PBackgroundChild* actor =

      mozilla::ipc::BackgroundChild::GetOrCreateForCurrentThread();

  if (NS_WARN_IF(!actor)) {

    return NS_ERROR_FAILURE;

  RefPtr<MIDIPermissionRequest> self = this;

  actor->SendHasMIDIDevice(

      [=](bool aHasDevices) {

        MOZ_ASSERT(NS_IsMainThread());

        if (aHasDevices) {

          self->DoPrompt();

        } else {

          nsContentUtils::ReportToConsoleNonLocalized(

              u"Silently denying site request for MIDI access because no devices were detected. You may need to restart your browser after connecting a new device."_ns,

              nsIScriptError::infoFlag, "WebMIDI"_ns, mWindow->GetDoc());

          self->CancelWithRandomizedDelay();

},

      [=](auto) { self->CancelWithRandomizedDelay(); });

  return NS_OK;

// If the user has no MIDI devices, we automatically deny the request. To

// prevent sites from using timing attack to discern the existence of MIDI

// devices, we instrument silent denials with a randomized delay between 3

// and 13 seconds, which is intended to model the time the user might spend

// considering a prompt before denying it.

//

// Note that we set the random component of the delay to zero in automation

// to avoid unnecessarily increasing test end-to-end time.

void MIDIPermissionRequest::CancelWithRandomizedDelay() {

  MOZ_ASSERT(NS_IsMainThread());

  uint32_t baseDelayMS = 3 * 1000;

  uint32_t randomDelayMS =

      xpc::IsInAutomation() ? 0 : RandomUint64OrDie() % (10 * 1000);

  auto delay = TimeDuration::FromMilliseconds(baseDelayMS + randomDelayMS);

  RefPtr<MIDIPermissionRequest> self = this;

  NS_NewTimerWithCallback(

      getter_AddRefs(mCancelTimer), [=](auto) { self->Cancel(); }, delay,

      nsITimer::TYPE_ONE_SHOT, __func__);

nsresult MIDIPermissionRequest::DoPrompt() {

  if (NS_FAILED(nsContentPermissionUtils::AskPermission(this, mWindow))) {

    Cancel();

    return NS_ERROR_FAILURE;

  return NS_OK;